04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Size

1.3MB
MD5

558a94947a999e841e9be9fe91e0a5e0
SHA1

f1b51f088629412207359a41428fd3af0346b199
SHA256

04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7
SHA512

003e3361417e4e8417d1f57aacbaade7adba8157ef938bda51af3f0fa7b7de0f3dc85696f7c796049ea7fb115382160490c2c356f49aa81b67e01c1a5a34f7d4
SSDEEP

24576:0NjXZ5ZFw+JZjnEUdoZ5Rbh0FVG8WJLDTGMekF:0RZ5c+7jnr2ZbyFw8qLDTAkF

Score

1^/10

Malware Config

Signatures

Modifies registry class 28 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\shell\open\command\IsolatedCommand = "\"%1\" %*"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\shell\runas\command\ = "\"%1\" %*"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\shell\runas\command	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\shell	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\shell\open\command\IsolatedCommand = "\"%1\" %*"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\shell\runas	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\shell\runas\command\IsolatedCommand = "\"%1\" %*"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\shell\open\command	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\Content-Type = "application/x-msdownload"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\shell\runas\command	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\ = "Application"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\Content-Type = "application/x-msdownload"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\DefaultIcon	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\shell\runas	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\shell\runas\command\IsolatedCommand = "\"%1\" %*"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\shell\open	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\DVX\\dwm32.exe\" /START \"%1\" %*"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\shell	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\DefaultIcon\ = "%1"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\shell\open\command	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\ = "psdrv"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\DVX\\dwm32.exe\" /START \"%1\" %*"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\DefaultIcon	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\DefaultIcon\ = "%1"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.exe\shell\open	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\psdrv\shell\runas\command\ = "\"%1\" %*"	04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe

C:\Users\Admin\AppData\Local\Temp\04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe
"C:\Users\Admin\AppData\Local\Temp\04ba8792f41973e5003aeb41aeb0ad8d93d5487a493929c99c3be6fecdb955e7N.exe"
1⤵
- Modifies registry class
PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2396-15-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads